DETAILED ACTION

A request for continued examination under 37 CFR 1.114, including the fee set
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this
application is eligible for continued examination under 37 CFR 1.114, and the fee set
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 7/11/08
has been entered.

Claims 1-28, 31, 33, 40, and 45 are pending. 

Response to Amendment and Arguments 

Applicant's amendments and arguments were fully considered. Applicant's 
argument that Crandall does not teach using a combination of secure and unsecured 
channels in a key system is moot in view of new rejections made below in light of 
Matyas's additional teachings (see Fig 4). Applicant's argument that the amendment to 
the claims specifying that the authentication code is transmitted after computing the 
authentication code differs from Peyravian's teachings was not persuasive. Applicant's 
argument that the amendment overcomes Peyravian's teachings is based on the 
assumption that the password PW of Peyravian was equivalent to the claimed 
authentication code. However, the office action did not point to the password as the 
authentication code. Instead, the office action pointed to HASH(ARGs) as the 
authentication code, see page 4 of prior office action. This value was first computed 
and then transmitted from the responder (i.e. server) to the client (see Fig 1), thus still 
meets the limitation as amended. 



Application/Control Number: 10/677,642 
Art Unit: 2135 






Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-6, 8-11, 14-18, 20-28, 33, and 40 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Peyravian et al (US 2004/0158715) in view of Matyas, Jr. et 
al (US 5,953,420).
Claim 1: 

Peyravian discloses: 

1. Computing an authentication code (i.e. HASH(ARGs)) using a first key (i.e. Ds or
PKs) and a second key (i.e. PW) within said responder (Fig 1, steps 140-155).

The server is considered the responder. Note that PW is used to create Ds,
which in turn is used to create ARGs, which is used in a hash function to create
an authentication code.

2. Transmitting said second key and said authentication code from said responder 
to an initiator, after computing said authentication code (paragraph 33 and Fig 1, 
steps 105 and 155-165). 

3. Transmitting said first key from said responder to said initiator (Fig 1, steps 160-165).
Note that the first key (Ds or PKs) is sent from the server to the client as
part of EXTs.

4. Computing a verification code (i.e. HASH(ARGs')) using said first key and said
second key within said initiator (Fig 1, step 120 and Fig 2, steps 210 and 215).
Note that Dc, which is used to calculate the verification code is calculated from
PW, thus the verification code is computed using the first key (Ds or PKs) and the
second key (PW).

5. Comparing said verification code with said authentication code (Fig 2, step 220). 

6. Authenticating said responder as a correct communication partner if said 
comparing checks out (Fig 2, step 220-225). 

7. Wherein said second key is a secret key (paragraph 22). 

Peyravian does not explicitly disclose the transmitting of the second key and 
authentication code is using a first communication channel, wherein said first 
communication channel is a secure channel. Peyravian also does not explicitly disclose 
the transmitting of the first key is using a second communication channel. 

However, note that Peyravian's invention utilizes a Diffie-Hellman key exchange 
(abstract), which exchanges public keys between an initiator and a responder 
(paragraphs 17-32; Fig 1, steps 150-155; and Fig 2, steps 210-215). Matyas discloses 
that Diffie-Hellman schemes were vulnerable to a man-in-the-middle type attack (col 2, 
line 6-12 and col 4, lines 19-23). Matyas discloses using a secure channel in
combination with an unsecured channel to solve this vulnerability (Fig 4 and col 4, lines
24-67).

At the time applicant's invention was made, it would have been obvious to one 
skilled in the art to modify Peyravian's invention using Matyas's teachings such that the 
first key (i.e. Ds or PKs) was transmitted using a second/non-secure channel while
everything else (including the second key/PW and authentication code/HASH(ARGs)) 
was transmitted using a first secured/authenticated communication channel. 

One skilled would have been motivated to utilize a first secure communication 
channel to transmit the second key, i.e. PW, and the authentication code, i.e. 
HASH(ARGs), because it would reduce the chances of a man-in-the-middle attack that 
Diffie-Hellman key exchanges are vulnerable to. One skilled would have been 
motivated to use a second/nonsecure channel to transmit the first/public key of 
Peyravian because one skilled in the art would appreciate that there is no need to keep 
public keys secure and transmitting via a non-secure channel is less costly in 
computational resources than using a secure channel. Note that Matyas's invention, 
even though it makes use of both a secured and non-secured channel, still prefers to 
use a non-secured channel to exchange the public key since it offers higher speed and 
is less costly (col 4, lines 64-67 and col 7, lines 30-33). As such, it would have been 
obvious to one of ordinary skill in the art to utilize a nonsecure channel to send the 
public key while using a secure channel to send all other values in Peyravian and 
Matyas's combination invention. 
Claim 2: 

Peyravian further discloses wherein the first key is generated within said
responder (Fig 1, step 140). 
Claim 3: 

Peyravian further discloses wherein the second key is generated within said 
responder (paragraph 33). 
Claim 4: 

As per the limitation of wherein in the transmitting of said second key and said 
authentication code, said second key and said authentication code are transmitted via a 
confidential or authenticated communication channel or both, it is obvious to the 
combination invention of Peyravian and Matyas because it was established already in 
claim 1 that it would have been obvious to transmit said second key and said 
authentication code via a secure channel to prevent man-in-the-middle attacks. The 
secure channel disclosed by Matyas is a confidential or authenticated communication 
channel (col 4, lines 37-56). 
Claim 5: 

As per the limitation of wherein in the transmitting of said first key, said first key is 
transmitted via an open channel, it is obvious to the combination invention of Peyravian 
and Matyas because it was established already in claim 1 that it would have been 
obvious to transmit said first key via a nonsecure channel since there is no need to 
secure a public key. A nonsecure channel is an open channel. 
Claim 6: 

As per claim 6, Peyravian further discloses wherein said second key is
composed of a first part and a second part and wherein said first part is used for 
computing said authentication code and said second part is used for calculating an 
authentication value (paragraph 33 and Fig 1, steps 140-155). 

A person skilled in the art should appreciate that a password, which the examiner 
is considering the second key, is typically composed of several characters. As one can 
divide these characters in several ways, it is composed of a first and second part. Note 
that as recited, the limitation further recited in claim 6 does not prohibit that the second 
part also be used in computing the authentication code and the first part also be used in
calculating the authentication value, and because the whole password (PW) is used to 
compute an authentication code (HASH(ARGs)) and an authentication value ARGs, said 
first part is used for computing said authentication code and said second part is used for 
calculating an authentication value. 
Claim 8: 

Peyravian further discloses wherein said authentication code and said verification 
code are computed using an algorithm to compute a short message authentication
code (Fig 1, step 155 and Fig 2, step 215). A hash is a short message authentication
code. 
Claim 9: 

Peyravian does not explicitly disclose wherein if the comparison of the 
authentication code and the verification code yields a difference, said initiator requests 
said responder to retransmit said first key. However, official notice is taken that asking 
a responder to retransmit a key if authentication fails was well known in the art. At the
time applicant's invention was made, it would have been obvious to one skilled in the art 
to further modify Peyravian's invention according to the limitations recited in claim 9. 
One skilled would have been motivated to do so because it is common practice in the 
art to let a responder know if authentication failed and to try resubmitting an 
authentication code in case the last transmission was an unintentional mistake. 
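
Added example (not part of the Office action, and not code from Peyravian, Matyas or the applicant): a minimal Python sketch of the exchange mapped in claims 1 and 9, in which the second key and authentication code travel over a secure channel, the first key travels over an open channel, and the initiator asks for the first key again on a mismatch. HMAC-SHA256 as the code function, the random byte strings standing in for the keys, and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def mac(first_key: bytes, second_key: bytes) -> bytes:
    # Assumption: HMAC-SHA256 keyed with the secret second key over the first key.
    return hmac.new(second_key, first_key, hashlib.sha256).digest()


class Responder:
    """Holds a public first key and a secret second key (constructed values)."""

    def __init__(self) -> None:
        self.first_key = secrets.token_bytes(32)   # stand-in for a raw public key
        self.second_key = secrets.token_bytes(16)  # secret key
        # The code is computed first and only then transmitted.
        self.code = mac(self.first_key, self.second_key)

    def send_secure(self):
        # Secure (confidential/authenticated) channel: second key + code.
        return self.second_key, self.code

    def send_open(self) -> bytes:
        # Open channel: the first key only.
        return self.first_key


def initiator(responder, open_channel, max_attempts=3):
    """Return (authenticated, attempts_used); fails closed after max_attempts."""
    second_key, code = responder.send_secure()
    for attempt in range(1, max_attempts + 1):
        # open_channel models whatever happens to the key in transit.
        received = open_channel(responder.send_open())
        verification = mac(received, second_key)
        if hmac.compare_digest(verification, code):  # constant-time compare
            return True, attempt
        # Mismatch: request retransmission of the first key and try again.
    return False, max_attempts


def clean_channel(data: bytes) -> bytes:
    return data


def substituting_channel(data: bytes) -> bytes:
    # Models a man-in-the-middle that always swaps in a different key.
    return secrets.token_bytes(len(data))


def make_flaky_channel():
    # Models an unintentional error: only the first delivery is corrupted.
    state = {"first": True}

    def channel(data: bytes) -> bytes:
        if state["first"]:
            state["first"] = False
            return bytes([data[0] ^ 1]) + data[1:]
        return data

    return channel


if __name__ == "__main__":
    print(initiator(Responder(), clean_channel))
    print(initiator(Responder(), make_flaky_channel()))
    print(initiator(Responder(), substituting_channel))
```
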
Claim 10: 

Peyravian further discloses calculating an authentication value within said 
initiator using said second key (Fig 1, step 120 and Fig 2, steps 210 and 215). PW is 
used to generate Dc, which is used to generate ARGs', which is considered the 
authentication value. 
Claim 11: 

Peyravian further discloses wherein said authentication code is calculated using 
a pseudo random, i.e. hash, function (Fig 1, step 155). 
Claim 14: 

Claim 14 is substantially similar to what is recited in claim 1 and is rejected for 
similar reasons given therein. The difference is that claim 14 recites a raw public key 
for the first key of claim 1. However, note that the first key disclosed by Peyravian is a
raw public key, i.e. Ds or PKs, (Fig 1, steps 104 and 150-155 and paragraph 19).
Claim 14 also recites that the raw public key was transmitted within an encrypted 
certification payload and extracting said raw public key from said encrypted certification 
payload. However, note that Peyravian discloses the raw public key being transmitted 
within an encrypted certificate payload, i.e. EXTs (Fig 1, steps 160-165). EXTs contains
the encrypted value HASH(ARGs), thus EXTs can be considered an encrypted
certificate payload. Figure 2, steps 200-210 discloses both Ds and PKs, either of which
could be considered the raw public key, being used by the client, which means the client
extracted the raw public key from the encrypted certificate payload.
Claims 15-18: 

Claims 15-18 recite limitations similar to what is recited in claims 2-3 and 6 
respectively and are rejected for similar reasons given therein. 
Claim 20: 

Claim 20 recites limitations similar to what is recited in claim 5 and is rejected for 
similar reasons. The difference is that claim 20 refers to the first key of claim 5 as the 
raw public key. However, as discussed in claim 14, Peyravian discloses the first key 
being the raw public key. 
Claims 21-22: 

Claims 21-22 recite limitations similar to what is recited in claims 8-9 and are 
rejected for similar reasons given therein. 
Claim 23: 

Peyravian further discloses wherein in further steps for communicating the 
second key is used for authenticating the initiator to the responder (paragraph 39). 
Claim 24: 

As per claim 24, the limitation that the computing of an authentication code and 
the transmitting of said second key and said authentication code utilize pre- 
authentication message is obvious to the combination teachings of Peyravian and
Matyas. As discussed in the rejection of claim 1, the combination invention utilizes a
trusted communication channel wherein any message transmitted using the trusted
channel is assumed to be authenticated, thus pre-authentication has occurred. Since at
least some of the messages used to transmit the values used to compute the 
authentication code (i.e. HASH(ARGs)) is transmitted using the trusted channel, those 
messages can be said to be pre-authenticated. Likewise, the messages used to 
transmit the second key (i.e. PW) and authentication code can be said to be pre- 
authenticated messages due to use of the trusted channel for transmission of those 
messages. As per the limitation of wherein the transmitting of said first key and the 
using of said authentication values utilize internet key exchange protocol, these values 
are transmitted in Peyravian's invention as part of a key exchanging, thus by definition 
utilize internet key exchange protocol. 
Claim 25: 

Claim 25 is directed towards a system comprising a responder and initiator with 
means for implementing the method of claim 1 and is rejected for similar reasons as 
claim 1. The server of Peyravian is considered a responder and the client is considered
the initiator. 
Claim 26: 

Claim 26 is directed towards system with a generating means for implementing 
the method of claims 2 and 3 and is rejected for similar reasons given therein. 
Claim 27: 

Claim 27 is directed towards system with a first transmission system for
implementing the method of claim 4 and is rejected for similar reasons given therein. 
Claim 28: 

Claim 28 is directed towards system with a second transmission means for 
implementing the method of claim 5 and is rejected for similar reasons given therein. 
Claim 33: 

Claim 33 is directed towards a computer readable medium with a computer 
program with instructions stored thereon with instructions operable to cause a processor 
to implement the method of claim 1 and is rejected for the same reasons given in claim 1.
Claim 40: 

Peyravian does not explicitly disclose wherein the communication is also secured 
by said initiator requesting said responder to retransmit said first key if the comparison 
of authentication code and verification code yields a difference. However, official notice 
is taken that the limitation was well known in the art. It would have been obvious to one 
skilled in the art to further modify Peyravian's invention according to the limitations 
recited in claim 40. One skilled would have been motivated to do so because it is 
traditional in the art to notify the initiator of an authentication request to retransmit 
whatever is needed to authenticate the initiator if a first attempt to authenticate the 
initiator failed due to an unintentional error. In the case of the combination invention of 
Peyravian and Matyas, the first key is used in the authentication protocol, thus the 
initiator would request that the responder retransmit at least the first key. 

Claims 7, 12-13, 19, and 31 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Peyravian et al (US 2004/0158715) in view of Matyas, Jr. et al (US 
5,953,420) and further in view of Eskicioglu (US 2002/0087865). 
Claim 7: 

Peyravian implicitly discloses wherein said first part is an empty string (paragraph 
22). A password is a series of characters, thus one can consider an empty string as 
being the first part of a password. 

Peyravian does not explicitly disclose wherein said authentication code is 
calculated as an unkeyed hash code. However, Eskicioglu discloses that unkeyed hash 
codes where a hash code is generated without use of a key was well known in the art at 
the time applicant's invention was made (paragraph 12). It would have been obvious to 
one skilled in the art to further modify Peyravian's invention such that the authentication 
code was calculated as an unkeyed hash code. One skilled would have been motivated 
to do so because unkeyed hash codes would be useful for providing proof of data 
integrity, which is one of the most important objectives of information security 
(paragraph 4). A further rationale for why it would have been obvious to modify 
Peyravian's invention such that it used an unkeyed hash code instead of a keyed one is 
that doing so is nothing more than simple substitution of one known hashing element for 
another to obtain a predictable result. In this case, the type of hash obtained is 
predictable. 
Claim 12: 

Peyravian does not explicitly disclose said authentication value for
authenticating messages that have been transmitted from said initiator to said 
responder, or vice versa. However, Eskicioglu discloses use of an authentication value 
for authenticating messages that have been transmitted from said initiator to said 
responder, or vice versa (paragraph 6). At the time applicant's invention was made, it 
would have been obvious to one of ordinary skill in the art to further modify Peyravian's 
invention according to the limitations recited in claim 12. One skilled would have been 
motivated to do so because data authentication is one of the most important objectives 
of information security (Eskicioglu: paragraph 4). 
Claim 13: 

As per claim 13, the limitation that the computing of an authentication code and 
the transmitting of said second key and said authentication code utilize pre- 
authentication message is obvious to the combination teachings of Peyravian and 
Matyas. As discussed in the rejection of claim 1, the combination invention utilizes a
trusted communication channel wherein any message transmitted using the trusted
channel is assumed to be authenticated, thus pre-authentication has occurred. Since at
least some of the messages used to transmit the values used to compute the 
authentication code (i.e. HASH(ARGs)) is transmitted using the trusted channel, those 
messages can be said to be pre-authenticated. Likewise, the messages used to 
transmit the second key (i.e. PW) and authentication code can be said to be pre- 
authenticated messages due to use of the trusted channel for transmission of those 
messages. As per the limitation of wherein the transmitting of said first key and the 
using of said authentication values utilize internet key exchange protocol, these values
are transmitted in Peyravian's invention as part of a key exchanging, thus by definition 
utilize internet key exchange protocol. 
Claim 19: 

Claim 7 recite limitations similar to what is recited in claim 7 and is rejected for 
similar reasons given therein. 
Claim 31: 

Claim 31 is directed towards a system comprising operating means for 
implementing the method of claim 13, thus is rejected for similar reasons given therein. 



Claim 45 is rejected under 35 U.S.C. 103(a) as being unpatentable over
Peyravian et al (US 2004/0158715) in view of Matyas, Jr. et al (US 5,953,420) in further 
view of Gehrmann (US 7,284,127). 
Claim 45: 

Peyravian discloses wherein said computing the authentication code (i.e. 
HASH(ARGs)) and said computing the verification code (i.e. HASH(ARGs')) both use a 
message authentication code function (Fig 1, step 155 and Fig 2, step 215). 

Peyravian does not disclose the message authentication code function is a 
function of only two variables, said two variables being the first and the second key. 
However, Gehrmann discloses a message authentication code function that only uses 
two variables, a first and second key (col 7, lines 30-32). Note that in Peyravian's
invention public key PKs was considered a first key while a password PW was 
considered a second key. In Gehrmann's invention cited, public key X can be 
considered equivalent to PKs of Peyravian and secret string K can be considered 
equivalent to Peyravian's password PW. 

At the time applicant's invention was made, it would have been obvious to one 
skilled in the art to further modify Peyravian's invention using Gehrmann's teachings by 
replacing the message authentication code function used by Peyravian with the one 
used by Gehrmann such that the message authentication code function is a function of 
only two variables, said two variables being the first and the second key. The rationale 
for why it would have been obvious is that doing so would be nothing more than simple 
substitution of one known element for another (which performs a similar functionality) to 
obtain predictable results. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to PONNOREAY PICH whose telephone number is (571)
272-7962. The examiner can normally be reached on 9:00am-4:30pm Mon-Thurs. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on 571-272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Ponnoreay Pich/ 
Examiner, Art Unit 2135 



